Security
SAR Portal implements comprehensive security measures to protect your data and maintain GDPR compliance.
Authentication
How You Sign In
SAR Portal uses secure enterprise authentication:
- Email-based sign-in
- Passwordless options available
- Multi-factor authentication supported
- Sign in with Microsoft or Google accounts
Session Security
- Sessions expire after inactivity
- Automatic logout on browser close (optional)
- Concurrent session limits
- Secure token handling
Data Security
Encryption at Rest
All data is encrypted using:
- Industry-standard encryption
- Managed encryption keys
- Enterprise-grade cloud infrastructure
What’s encrypted:
- Case data
- Documents
- User information
- Audit logs
Encryption in Transit
All data transmission uses:
- Modern TLS encryption
- HTTPS only
- Certificate validation
- Strong cipher suites
Data Residency
Your data is stored in EU data centers:
- EU-based cloud regions
- GDPR compliant infrastructure
- No data transferred outside the EU
Access Control
Role-Based Access
Users only see what their role permits:
- Admins: Full access
- Case Managers: Case operations
- Reviewers: Limited editing
- Read Only: View only
Tenant Isolation
Each organization’s data is completely isolated:
- Separate data partitions
- No cross-tenant access
- Unique encryption keys
Infrastructure Security
Cloud Platform
Built on enterprise-grade cloud infrastructure:
- Hosted on an ISO 27001 and SOC 2 certified cloud platform
- Periodic security reviews
- DDoS protection
Network Security
- Web Application Firewall (WAF)
- Network isolation
- Rate limiting
- IP monitoring
Monitoring
- 24/7 security monitoring
- Anomaly detection
- Incident response procedures
- Periodic security assessments
Application Security
File Security
Documents are protected by:
- Security scanning on upload
- Deep file type validation
- Size limits
- Secure storage
Rate Limiting
Protection against abuse:
- All public endpoints are rate-limited
- Sensitive operations have stricter limits
- Automatic blocking of excessive requests
Input Validation
All user input is:
- Validated on client and server
- Sanitized before storage
- Protected against injection attacks
Your Security Responsibilities
Account Security
- Use strong, unique passwords
- Enable MFA if available
- Don’t share credentials
- Log out on shared devices
User Management
- Remove access promptly when staff leave
- Apply the principle of least privilege
- Review user access regularly
- Monitor for unusual activity
Data Handling
- Don’t download unnecessary data
- Secure your local devices
- Report suspicious activity
- Follow your organization’s policies
Security Features by Plan
| Feature | Basic | Starter | Pro |
|---|---|---|---|
| Encryption | Yes | Yes | Yes |
| Role-based access | Yes | Yes | Yes |
| Audit logs | Yes | Yes | Yes |
| Rate limiting | Yes | Yes | Yes |
| SSO (Microsoft & Google) | Yes | Yes | Yes |
Reporting Security Issues
If you discover a security vulnerability:
- Email security@sarportal.com
- Provide a detailed description
- Don’t disclose it publicly
- We’ll respond promptly
Security & Compliance
SAR Portal is hosted on Microsoft Azure, which maintains ISO 27001 and SOC 2 Type II certifications. The platform is designed with security and data-protection controls aligned to recognised standards, focusing on access control, data isolation, auditability, and least-privilege principles.
- GDPR compliant
- Built with privacy by design
- SAR Portal itself is not currently ISO 27001 or SOC 2 certified